Last Revised August 27, 2018
We respect your privacy.
This policy, therefore, describes how we collect, process and hold your personal data if you visit our website, use our services or otherwise provide us with personal data.
We are Talisa US of 250 Greenwich St, New York, NY, 10007, USA. We are the sole data controller of your personal data.
This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at firstname.lastname@example.org or call us on (646) 846-1810.
Personal Data that We Collect
When you browse our website, subscribe to our newsletter, open an account on our website or purchase an item, we may collect, process, store and use personal data including your name, phone number, mobile number, physical address, email address and IP address together with payment information and browsing history. Personal data however does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
You do not need to provide us with any personal data to browse through our website. However, we may still automatically collect certain information as described below.
When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.
In addition, if you choose to engage in social sharing, for example, by connecting your social media account (e.g., Facebook) to your customer account or by logging into your customer account from your social media account, the social media site may share information with us about your use of their services, including profile information, information about your contacts and content you have viewed or liked. Where applicable, please refer to the social media site’s privacy settings to control how your information is shared.
Data that We Automatically Collect
When you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.
The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Site, for example, this is done on an anonymous aggregate basis.
We also use Google Analytics to monitor how the website is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the website, where visitors generally came from, how long they stayed on the website, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal data. If you do not agree to this use you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
It is necessary for our legitimate interests to use your personal data to send you marketing communications, which may include newsletters, blog posts, surveys and information about new products.
You can choose to no longer receive marketing communications by contacting us at email@example.com or clicking unsubscribe from a marketing email.
If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Why We Process Personal Data
We will use your personal data in order to comply with our contractual obligations, to supply to you the products that you had purchased, including to contact you with any information relating to the shipment and delivery of the product to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have with respect to the same, if any.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
Sharing Personal Data
We may share your personal data with our employees, service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics and Facebook), payment and shipment providers, email communication providers (e.g., Mail-Chimp), IT service providers, accountants, auditors and lawyers.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property or safety.
We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Legal Basis for Processing of Personal Data of EEA Residents
If you reside within the EEA, our processing of your personal data will be legitimized as follows:
Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).
Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).
Cross-border Transfer of Personal Data
We may share personal data with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal data, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal data. We will obtain your express consent, however, before using your personal data for any purposes other than performing the services for which you provided the personal data.
For EU users only - Transferring your information outside the European Economic Area.
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). This may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the EEA.
In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the US-EU Privacy Shield (described below), where applicable, or binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
Privacy Shield Principles and Framework
We transfer certain personal data to our employees, affiliates and service providers in the U.S. We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU member countries and Switzerland to the United States.
We adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, Recourse, Enforcement and Liability.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Principle of Onward Transfer
In the context of an onward transfer of personal data to a third party, a Privacy Shield organization has responsibility for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf.
We shall remain liable under the principles if our agent processes such personal data in a manner inconsistent with the principles, unless we prove that we are not responsible for the event giving rise to the damage.
Independent Dispute Resolution for Individuals in the EU and Switzerland
In compliance with the US-EU and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal data.
We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the https://www.bbb.org/EU-privacy-shield/, a nonprofit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
There may be a possibility, under certain limited conditions, for EU and Swiss individuals to invoke binding arbitration before the Privacy Shield Panel.
Notifications and Updates
Our website sends new registered users a welcoming email to verify password and username. After you register with our website and have provided consent to receiving marketing emails, we may send you on a regular basis via emails information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe from receiving these types of communications.
We may also send you notifications regarding updates to our website and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential. You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal data seriously, we do not and cannot promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete or to limit or object to its processing. You also have the right at any time to require that we delete your personal data or transfer it to a third-party. To exercise these rights, or any other rights you may have under applicable laws, please contact us at firstname.lastname@example.org.
Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within thirty (30) days from our confirmation of such receipt.
If you wish to exercise your rights or if you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the 43's supervisory authority: the Information Commissioner, see https://www.bbb.org/EU-privacy-shield/file-a-complaint/.
If you register with us, we shall retain your personal data until you close your account. If you receive marketing communications from us, we shall retain your personal data until you opt-out of receiving such communications.
If you have otherwise ordered or purchased an item from us or contacted us with a question or comment, we shall retain your personal data for 6 months following such contact to respond to any further queries you might have.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
The website and services are intended to be used by individuals over the age of 18. If we become aware that we have collected the personal data of an individual under 16, we will take steps to delete the information as soon as possible. Please immediately contact us by sending an email to email@example.com if you become aware that an individual under 16 has provided us with personal data.
This policy shall be governed by and construed in accordance with the law of 43, and you agree to submit to the exclusive jurisdiction of the 43's Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our website after the time we state the changes will take effect, you will have accepted the changes.
For more information on the GDPR, please refer to: